
Bump Next deps to remove Vercel project vuln alert false positives #7216

Merged
daveqnet merged 1 commit into main from vercel/react-server-components-cve-vu-9zq3i7
Jan 15, 2026


vercel bot commented Jan 13, 2026

Unticketed chore

Description Of Changes

This PR upgrades Next.js dependencies to resolve a Vercel CI deployment and preview alert. The RSC vulns that Vercel is alerting for are not actually present in the Next versions pre-bump in this PR, but this alert is annoying, so I'm bumping deps to get rid of it.

Note: This PR was initially generated by Vercel's automated patching tool and has been modified manually for compatibility with the Fides codebase.

Code Changes

  • Bumps next package to semver patch latest
  • Added changelog fragment for the dependency updates

Steps to Confirm

  • Verify all CI pipelines succeed

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration label to the entry if your change includes a DB migration
    • Add a high-risk label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • UX feedback:
    • No UX review needed
  • Followup issues:
    • No followup issues
  • Database migrations:
    • No migrations
  • Documentation:
    • No documentation updates required

vercel bot commented Jan 13, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| fides-plus-nightly | Ready | Preview, Comment | Jan 14, 2026 10:23am |

1 Skipped Deployment

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| fides-privacy-center | Ignored | | Jan 14, 2026 10:23am |

daveqnet marked this pull request as ready for review January 14, 2026 09:57
daveqnet requested a review from a team as a code owner January 14, 2026 09:57
daveqnet requested review from speaker-ender and removed request for a team January 14, 2026 09:57

greptile-apps bot commented Jan 14, 2026

Greptile Summary

This PR updates Next.js dependencies across the monorepo to resolve false positive RSC vulnerability alerts from Vercel CI. The changes are semver patch-level updates:

  • admin-ui & workspace root: Next.js 14.2.25 → 14.2.35
  • privacy-center: Next.js 15.2.7 → 15.2.8
  • sample-app: Next.js 14.2.25 → 14.2.35

All lock files are properly updated with resolved versions, and the changelog entry is correctly formatted.

Confidence Score: 5/5

  • This PR is safe to merge - it contains only semver patch dependency updates with no code changes
  • Score reflects that this is a straightforward dependency bump with no functional code changes, only updating package versions to resolve CI alerts
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| changelog/7216.yaml | Added changelog entry documenting the Next.js dependency bump to resolve Vercel CI alerts |
| clients/admin-ui/package.json | Bumped Next.js from ^14.2.25 to ^14.2.35 (semver patch update) |
| clients/package.json | Bumped Next.js from ^14.2.25 to ^14.2.35 at workspace root level |
| clients/privacy-center/package.json | Bumped Next.js from 15.2.7 to 15.2.8 (semver patch update) |
| clients/sample-app/package.json | Bumped Next.js from 14.2.25 to 14.2.35 (pinned version) |

daveqnet marked this pull request as draft January 14, 2026 10:04
daveqnet changed the title from "Fix React Server Components CVE vulnerabilities" to "Remove false positive alert for Next/RSC vulnerabilities from Vercel project previews and deployments in CI" Jan 14, 2026
daveqnet force-pushed the vercel/react-server-components-cve-vu-9zq3i7 branch from 28beb53 to 566ae56 January 14, 2026 10:19
daveqnet marked this pull request as ready for review January 14, 2026 10:20
daveqnet changed the title from "Remove false positive alert for Next/RSC vulnerabilities from Vercel project previews and deployments in CI" to "Bump Next deps to remove Vercel project vuln alert false positives" Jan 14, 2026
daveqnet added this pull request to the merge queue Jan 15, 2026
Merged via the queue into main with commit 90065ad Jan 15, 2026
46 checks passed
daveqnet deleted the vercel/react-server-components-cve-vu-9zq3i7 branch January 15, 2026 10:02
mfbrown pushed a commit that referenced this pull request Jan 27, 2026
…7216)

Co-authored-by: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>